ThreatScope again proves itself by safely detonating malware disguised as a valid Word document. As you'll see via this link, the file was anything but valid. Initially note how it drops a 32 bit executable which modifies many registry settings. Secondarily note how outbound calls are made to 2 sites in Russia. Thankfully, both IP Addresses are listed in the Websense URL database as Malicious. As such, customers leveraging Websense' Web Security Gateways would have been protected... even if they had an inferior Email Security Solution.
Again, and as it typically the case, Anti-Virus procurements continue to fail to return value for our investments... note how only 1 of 57 AV engines is currently detecting the malware:
No comments:
Post a Comment